AMC Networks Inc. - (AMCX)

10-K Filing Date: February 09, 2024
Item 1C. Cybersecurity.
All companies utilizing technology are subject to the risk of breaches of or unauthorized access to their computer systems. The Company maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The Audit Committee of our Board of Directors and our management are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component. We have established policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats and incidents. Our policies, processes and procedures include, among other things, annual external penetration testing using an experienced third-party company; a cybersecurity incident response and recovery plan; periodic and ongoing security awareness training for employees; the use of several comprehensive vulnerability analysis systems to evaluate software vulnerabilities both internally and externally; and mechanisms to detect and monitor unusual network activity. The Company also requires that all third-party vendors that have access to or handle sensitive information undergo a risk-based vendor security assessment. We also maintain controls and procedures that are designed to promptly escalate certain cybersecurity incidents so that decisions
34



regarding public disclosure and reporting of such incidents can be made by management and our Board of Directors in a timely manner. There can be no guarantee that our policies and procedures will be properly followed in every instance or that those policies and procedures will be effective.
Our cyber risk management program is based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. Our cybersecurity risks are identified and addressed through a comprehensive, cross- functional approach. The Company has established a cybersecurity committee consisting of members of senior management, including the Company’s Chief Information Security Officer (“CISO”). The Company’s CISO is primarily responsible for the implementation of defense capabilities and risk mitigation strategies. The Company’s CISO has over 25 years of information technology and cybersecurity experience. He holds the title of Senior Vice President of Technology Services and Chief Information Security Officer, has been in his role since 2021 and is supported by his direct reports and their teams. The cybersecurity committee also includes senior members from the Company’s legal, human resources, technology, communications and risk management departments. This committee meets on a periodic basis to review various cybersecurity and data privacy matters and is responsible for maintaining processes to assess, identify and manage material risks from cybersecurity threats. The cybersecurity committee provides quarterly updates to the Company’s General Counsel, Chief Financial Officer and Executive Vice President of Global Media Operations and Technology. In addition, the cybersecurity committee has established regional triage teams that are responsible for responding to any cybersecurity incident and deciding if other members of the cybersecurity committee, Company employees or Company vendors should be involved in the Company’s response.
Our Audit Committee takes the lead on behalf of our Board of Directors in monitoring risk management, which includes overseeing the Company’s management of its cybersecurity and data privacy. The Audit Committee meets on a quarterly basis with our General Counsel and Chief Financial Officer, who provide quarterly reports concerning the Company’s information security and cybersecurity risks.
Although we have not been materially impacted by any cybersecurity incident to date, we are subject to cybersecurity threats, as discussed in Item 1A. Risk Factors, including in the risk factor entitled “We face continually evolving cybersecurity risks, which could result in the disclosure, theft or destruction of confidential information, disruption of our programming, damage to our brands and reputation, legal exposure and financial losses.”